Cisco ASA NGFW vs. Fortinet FortiGate

As of April 2019, Cisco ASA NGFW is ranked 2nd in Firewalls with 87 reviews vs Fortinet FortiGate which is ranked 1st in Firewalls with 58 reviews. The top reviewer of Cisco ASA NGFW writes "Enables us to to track traffic in inbound and outbound patterns so we can set expectations for network traffic". The top reviewer of Fortinet FortiGate writes "The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors". Cisco ASA NGFW is most compared with Fortinet FortiGate, Meraki MX Firewalls and Cisco Firepower NGFW. Fortinet FortiGate is most compared with Cisco ASA NGFW, Sophos UTM and pfSense. See our Cisco ASA NGFW vs. Fortinet FortiGate report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
115,832 views|52,471 comparisons
Fortinet FortiGate Logo
240,637 views|109,185 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: March 2019.
333,928 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
We moved from a legacy firewall to the ASA with FirePOWER, increasing our Internet Edge defense dramatically.Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization.The feature that I found most valuable is the overall stability of the product.The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA.I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference.We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area.The initial setup was completely straightforward.

Read more »

The most important features with FortiGate are the web filter and application controls. We can control our internet usage and use the web filter for application purposes.It is user friendly, and has all the features you need.We are very happy with the general bandwidth agility we have seen from one website to another website.The most important features of Fortinet FortiGate are the Intrusion Prevention System (IPS) and firewall control applications.Fortinet FortiGate is scalable for our users. Right now, we have almost 70 users. We do not have any plan to increase our usage of FortiGate. For maintaining the firewall solution, one staff member is enough.This solution made it very easy to manage our bandwidth.The features that prevent internet connections, the filtering are the most valuable because we did not have any internet protection before.Fortinet FortiGate is a security device. It can optimize security on the networks of a company. It actually protects the company from attacks from outside. With FortiGate, you can categorize the users. You can create a group of users that can access all of the websites for their work. You can limit other users' access.

Read more »

Cons
The product would be improved if the GUI could be brought into the 21st Century.Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer.There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products.One of my main concerns, an area that could use improvement is in adjusting the need to buy a license to enable features.Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used.Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems.We have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly.

Read more »

Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server.I feel that the reporting needs to be improved.I have to say that the initial setup was complex. The deployment took a few days to get set up. Initially, we were using an IPVanish. We switched to this tool since we thought it would be easier. But it turns out it wasn't easier to set up and run.The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing.One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum.Compared to some other products, the DLP is not at par for the moment.Fortinet could improve the windows opener or the virtual IP solutions for opening windows. The virtual IP settings need improvement as firewalls are trending in new development directions.Scalability is one of the disadvantages. When it comes to scalability, you have to actually change the box. If you want to upgrade it, you need to actually change the existing box and probably you take the system off to other sites.

Read more »

Pricing and Cost Advice
We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.Licensing is expensive compared to other solutions.Pricing is high, but it is essentially a corporate decision.The cost is a bit high compared to other solutions in the market.Cisco recently has become very expensive.The cost is a bit higher than other competitive solutions on the market.It is considered on the "high end" of the spectrum.

Read more »

Each feature costs money, so it is important to study your needs.I would say that all things considered, the pricing is pretty good.Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project.Our licensing costs are on a yearly basis.Compared to Palo Alto, which we have used in the past, pricing and licensing are okay.Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.The initial setup is super straight forward and as far as the licensing goes for the small product that we have, the pricing was pretty competitive. It wasn't as simple and as cheap as a SonicWall but for the service we would get it was a good price.It is a good product from a price perspective versus functionality.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
333,928 professionals have used our research since 2012.
Answers from the Community
Miriam Tover
Alberto E. Luna RodriguezReal User

Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to go. However, beware of Fortinet's promises performance-wise, if you take this route you'll want to over-dimension your device a bit, otherwise you will not be activating the features you're buying. Stability and reliability is OK (careful with software upgrades as they tend to break some things).

Cisco ASA: My personal preference because of the peace of mind they provide (specially if it's your phone that rings every time something breaks). Not as friendly as Fortinet, takes effort deploy and maintain. They are more expensive and offer less features, but they do the work they are built for, and they do it exceptionally. If you are looking for stability, reliability and great support, and you don't mind spending some extra dollars then this is the way to go, Firepower adds some of the missing features that other vendors offer, but not as well integrated IMO. They are improving on that regard, but still lag behind other vendors with UTM devices.

18 December 18
Network Engineer with 201-500 employeesReal User

1. The biggest difference between the two is the pricing. You can get a higher model of FortiGate with all the bells and whistles for a quarter of the price of the basic model of the Cisco Firepower (cisco's next gen firewalls).
2. Cisco ASA will be end of production pretty soon. I am unsure if they will continue to sell the ASA with Firepower bundle.
3. The only upside of buying Cisco these days is for the TAC support which of course comes with a huge cost of smartnet support cost.
4. The down side of FortiGate is that their support isn't as great as Cisco. So if you know what you are doing you can get by with FortiGate just fine and save a bunch of money in the process. It is not that difficult to work with FortiGate.
5. My suggestion is do a Proof of Concept with both the hardware on site and evaluate the performance and ease of use. Your sales rep for Cisco and FortiGate should be able to get you a demo device.
6. Also key when choosing a firewall is understanding the nature of your traffic. For example: My previous company dealt with a lot of bid traffic which are really small packets but in large numbers and the Palo Alto firewall that we brought for almost $500K could not handle it, hence do your due diligence and understand the traffic that will be passing through the firewall.
7. Evaluate the firewall to see if it can handle east-west traffic security (zero trust deployment).

19 December 18
COO/CTO at a pharma/biotech company with 11-50 employeesReal User

Before I respond completely, does it matter if the bandwidth is compromised while all firewall apps are active?

My experience with Fortinet was heavy overhead while their firewall apps were active. This was with a 1GHz Verizon FIOS business account (1 GHz up AND download). Hardwired endpoints and WiFi connections using Fortigate APs were under 20 devices. We were below 100 MHz and was confirmed with my 3rd party whom I had a 5 day a week 8 hours/day support account. That is a greater than 90% overhead. The Fortinet device was a 90-D router - that was overkill for what my company size was and yet, still had that performance.

17 December 18
Jefferson LoiseauUser

In order to answer that question a few things needs to be understood about the current environment.

For small to medium business where funding is a concern, the Fortinet are a very good long term solution. If you are deploying an External and Internal environment, you could leverage a combination of both where the Cisco ASA is on the internal and Fortinet on the external.

Fortinet’s are easier to deploy and there security approach is top end.

ASA are a bit more difficult and with the FirePower are known to be an issue when deploying and pushing out policies.

I’d be more inclined to go with the Fortinet’s than ASA’s is staff and resources are limited.

17 December 18
Goumou FerdinandUser

Hello, I recommend Cisco ASA, it is very consistence, powerful, flexible and interoperability that is the main goal of Cisco products. I always recommend to my client ASA if they need Firewall only.
Fortigate is a good product, easy to implement and manage, it is also less expensive compare to ASA, I most of the time recommend Fortinet to a client who have limited budget for security, so by choosing Fortigate, the client can use the other services such as antivirus, malware protection, application control and so on.
So in summary the choice is not made base on the device, but base on the customer infrastructure, budget and technical resource they have to manage the devices.

Cheers,

20 December 18
Ranking
2nd
out of 50 in Firewalls
Views
115,832
Comparisons
52,471
Reviews
79
Average Words per Review
268
Avg. Rating
7.9
1st
out of 50 in Firewalls
Views
240,637
Comparisons
109,185
Reviews
43
Average Words per Review
336
Avg. Rating
8.5
Top Comparisons
Compared 34% of the time.
Compared 17% of the time.
Compared 12% of the time.
Compared 9% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASAFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn
Cisco
Fortinet
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Offer
Learn more about Cisco ASA NGFW
Learn more about Fortinet FortiGate
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Top Industries
REVIEWERS
Financial Services Firm20%
Manufacturing Company13%
Comms Service Provider11%
University7%
VISITORS READING REVIEWS
Comms Service Provider23%
Financial Services Firm16%
Manufacturing Company10%
Transportation Company8%
REVIEWERS
Financial Services Firm12%
Comms Service Provider10%
Healthcare Company10%
Real Estate/Law Firm10%
VISITORS READING REVIEWS
Cloud Provider18%
Comms Service Provider10%
Writing And Editing Position9%
Financial Services Firm8%
Company Size
REVIEWERS
Small Business38%
Midsize Enterprise27%
Large Enterprise35%
VISITORS READING REVIEWS
Small Business42%
Midsize Enterprise26%
Large Enterprise31%
REVIEWERS
Small Business51%
Midsize Enterprise24%
Large Enterprise25%
VISITORS READING REVIEWS
Small Business52%
Midsize Enterprise33%
Large Enterprise15%
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: March 2019.
333,928 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email